Data mining – UK Govt is selling your Medical records to insurance companies

True so does that make it all ok then? but next they will want to come and check under the mattress for the suit case of money then I would be a liberal I mean buggered

 

I have no doubt what you're saying is true. But it doesn't demonstrate that information can't be truly anonymised, or that anonymised or pseudonymised can often be used to identify individuals.

Consent is only one of the conditions for processing. There are others and they are all equally valid, i.e. if you can satisfy any other condition for processing then you don't need consent. And tbh obtaining consent to the level required by the DPA is trickier than it would at first appear, which is why the ICO recommends that organisation don't exclusively rely on it.

If they were selling identifiable data then yes, but that's not what they're intending to do. I expect organisations like the NHS and HMRC to not give out information that allows others to specifically identify me. However, if my data is included in aggregated anonymised data sets that don't allow me to be identified why should I be worked up about it?

I agree that you have little choice to give information to the NHS or HMRC but that doesn't mean that any data sharing they may do is automatically dangerous and morally wrong. If, for example, the NHS were to share anonymised patient data that lead to improvements in care would that be dangerous and morally wrong?

As above, consent is only one condition for processing and is not a requirement under the law.

 

Well i think it's impossible to truly anonymise/pseudonymise any data TBH, with computers doing the work it's fairly simple to match details from one data set with another.

I found the lady that used two data sets to re-identify pseudonymise data, her name is Dr Latanya Sweeney and she claims "87% of the U.S. Population are uniquely identified by {date of birth, gender, ZIP}"

Sorry if the link is a bit dry, it comes from her blog and it looks like they aint into fancy web sites at Harvard.

Ahhh i see, I'm going to have a good read myself when i get the time

Well that's the problem, in this modern world with data sets on nearly everything and everyone it's a simple matter of linking one set with another to re-identify people.

Although in the interest of a balanced discussion i think it's worth mentioning that apparently anyone wanting access to the pseudonymised data from our medical records would be breaking the law if they tried to re-identify people with it. http://www.ehi.co.uk/news/ehi/9207/re-identifying-care.data-illegal

The question is, are the same legal restrictions going to be put in place for all third parties using the data as he only mentions research groups. I only hope the same legal guide lines are put in place for the pharmaceutical companies and anyone else that the data is shared with, but who knows if they will be ? i think this shows that TPTB have done a very bad job of showing there are legal safe guards in place to protect people.

But we are not living in a world of people that do no harm, knowledge is power and we all know power can be used to either help or harm, used for good or bad outcomes.

I don't think anyone in their right mind could argue that the reasons for sharing data on things like medical records is a bad thing, what has people worried and rightly so IMHO is that like most government mandated schemes we have an inherent lack of trust in them, and think that they will make a pigs ear out of it.

 

It doesn't make it not OK.

 

Our different views is because we are able to make choices which is more than the government is giving us in this matter, I see it as yet another erosion of our rights of privacy.

 

I support care.data

Shocking I know, but there's a reason.
We already collect anonymous data on hospital admissions (called the Hospital Episode Statistics), and this data is ridiculously useful for research, noticing healthcare trends and all that jazz. Furthermore we actually sell this data to private companies - and without one particular company we wouldn't have noticed the problems at Stafford. I've used the data in my own clinical research, and know many others who have done the same.

care.data is going to contain information that is just as valuable to research, and a lot of research is done by private companies who pay to access it. Like it or not, we need them.

Now, the concern is simply that the safeguards around care.data need to be strong enough to prevent individuals being identified, and the punishment for breaking rules also needs to be strong enough to ensure they're not broken. The launch of care.data has been delayed to get exactly this kind of feedback from professional bodies who actually know about this kind of thing - the BMA, for example, have tabled amendments to care.data that will provide exactly these reassurances. These limits apply to anybody who accesses the data, including private companies, insurance companies etc.

 

Totally agree with all you said.

The problem is (i think) that the vast majority of the public don't trust the politicians, so when they come up with such a scheme we immediately think they are going to screw it up.

Personally i trust the BMA to get things right more than politicians, the question is are the politicians actually going to act of the BMA's recommendations, are they going to actually enforce the punishments for any company that flouts the rules, are the same safe guards going to put in place for sharing HMRC data.

There are plenty of examples of politicians asking for advise and then not acting on the recommendations, like the Leveson report, or bringing in new laws like the FGM act of 2003 and then not prosecuting anyone for breaking the law.

 

FGM prosecutions are happening right now, thankfully.

The government do listen to people like the BMA on issues like this (because it isn't headline policy, unlike the HASC bill), so I do believe the end result will be what is needed. Actually giving legislation teeth is another matter entirely - one best done via legal methods rather than just a monitoring body.

As an aside, it's nice to hear a positive opinion of the BMA from the public perspective. My BoP (branch of practice) meetings have sometimes felt like shouting in a sealed box.

 

Well it would seem TPTB didn't listen to the advise

NHS patient data storm: Govt lords SLAP DOWN privacy protections
Link to first of two pages http://www.theregister.co.uk/2014/05/08/care_bill_amendments_for_statutory_oversight_on_data_handling_rejected_by_government_peers/

From my understanding they also slapped down legislation to prevent the sale of medical records to non research and/or medical based companies, like insurance or tobacco companies. If the sharing of medical records is purely for the advancement of medical research why would they want to sell them to non health related companies ?

 

Any better source/commentary than the utter drivel that is The Register?

 

A less drivel/slanted view (i hope)
http://www.statslife.org.uk/news/1456-changes-to-care-data-debated-in-the-lords-as-part-of-the-care-bill

Lord Owen proposed to set up a statutory ‘oversight panel’

EDIT: Found a BBC link with a video of the care.data bill passing through the house of Lords.
I'm not sure at what point they put the proposed changes to a vote as its over 3 hours
http://www.bbc.co.uk/democracylive/house-of-lords-27316368

 

Right, so it's only at the HoL and still has to go through the Commons. It's had a duty placed on the SoS to "respect and promote the privacy of recipients of health services...", and that data should only be shared for the purpose of the provision of care or the promotion of health.

The motion that was defeated was a statutory oversight panel to offer independent advice on patient data. The second defeated motion was that care.data would only be used for biomed/health research.

Certainly not the BS that The Register wrote on the topic.

 

IMHO those two motions are pretty significant.

The changing of the Independent Information Governance Oversight Panel (IIGOP) from non-statutory to statutory would have given them teeth, with the ability to punish breaches of the care.data guidelines. (AFAIK)
Even the chair of the IIGOP Dame Fiona says in her personal view it needs increased powers and its recommendations should carry the weight of law.

And by not limiting the sharing of data to biomedical and health research they have left a major loop hole in the bill, by allowing it to also be shared with commercial companies, think tanks, and information intermediaries.

 

And as I said, commercial entities were the ones who noticed the data that ended up revealing the Stafford affair. An outright ban doesn't work and may harm patients.

 

It was ?
From my understanding that came to light after a healthcare commission investigation, who became alerted to the goings-on by a high mortality rate. Forgive me for being to lazy to re-read the whole thread over again but what commercial entity are you referring to ?

 

Dr Foster Intelligence, specifically Professor Jarman. Their work is what prompted the CQC investigation in the first place. Of course, this hardly gets a mention in the media, but is a well known fact within healthcare circles involved.

 

Wouldn't Dr Foster Intelligence fall under the biomedical and health research umbrella, and not the commercial companies, think tanks, and information intermediaries umbrella ?

Isn't the care.data bill expanding on who has access to the data, from companies like Dr Foster Intelligence that already had access, to a much wider group.

 

Nope, they fall under the think tank/intermediary area, which is a commercial purpose via a privately owned company. Hence restricting to a very strict definition of research isn't helpful.

care.data is about providing new data that has never been previously available. It's like taking our hospital episode statistics and supercharging it, but in the primary care context rather than tertiary. Hence if we lock too many people out, they'll never get the data and we miss opportunities.

 

Ok then, I maybe being a bit dense here (nothing new), but if a company like Dr Foster Intelligence could collate the data before the care.data bill wouldn't they still be able to do that, if it was limited to biomedical and health research.

I guess what I'm trying to ask is if the care.data bill is expanding on who presently has access, i.e at present who or what can collate data from medical records, versus what the care.data bill proposes.

From a layman's perspective it seems they are expanding on who can access the data, and possibly leaving it open interpretation.

 

The current situation is as follows.
Hospital admission data is available, and is allowed to be purchased by commercial entities. It is relatively high level data, so there's basically no realistic chance of identifying patients, but it allows useful work on current trends in hopsitals (disease burdens, changes in mortality etc).

care.data is a new scheme that looks at data that is collected by GPs (primary care). This data has never been released before, or even existed in a national database, but has just been in the GP practices' internal care records. This data is a lot more personal, hence it has to be anonymised, but by extension, it contains a lot more useful detail and therefore has a lot more potential. Saying that, it has a slightly higher risk of patients being identified if the rules are broken.

So, DFI can access the HES records currently, by paying the commercial fee. care.data isn't expanding on who has access, but it's changing what the data actually is - and by doing so makes it of increased interest to certain parties (ie: insurance). Insurance companies can access the HES records as well, right now, but they're not that useful for the work they do.